ASP.NET Security Roadmap
Updated: July 2008
This ASP.NET Security section includes topics that show you how to improve the security of a Web site or Web project. The topics in this section provide information and code examples that illustrate security methods for ASP.NET Web sites and Web projects. The topics include information about how to mitigate common security threats, how to protect resources in a Web application, and about how to authenticate and authorize individual users.
There are many threats and countermeasures to apply when you secure an ASP.NET application. We strongly recommend that you review and apply the guidance and checklists provided in the articles Improving Web Application Security: Threats and Countermeasures and Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication on the Microsoft Patterns and Practices Web site.
Common security threats and their mitigation
Authentication (obtaining identification credentials)
Authorization (controlling access to resources)
Encrypting connection strings and other configuration information
Guarding against scripting exploits
Securing data connections
Securing hosted Web sites
Locking down an ASP.NET Web site
Best Practices How-to topics
Performing a security review
(All videos are on external Web sites.)